Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.05.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Legend :: LEGEND-PC [administrator]
Protection: Enabled
11/5/2013 5:00:51 PM
mbam-log-2013-11-05 (17-00-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217368
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
# AdwCleaner v3.011 - Report created 05/11/2013 at 17:25:50
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Legend - LEGEND-PC
# Running from : C:\Users\Legend\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Legend\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\CT3298572
Folder Deleted : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\Extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298572
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (en-US)
[ File : C:\Users\Legend\AppData\Roaming\Mozilla\Firefox\Profiles\drlbpvfw.default\prefs.js ]
Line Deleted : user_pref("CT3298572.FF19Solved", "true");
Line Deleted : user_pref("CT3298572.UserID", "UN68952064397592449");
Line Deleted : user_pref("CT3298572.fullUserID", "UN68952064397592449.IN.2013071420428");
Line Deleted : user_pref("CT3298572.installDate", "14/07/2013 2:04:28");
Line Deleted : user_pref("CT3298572.installSessionId", "{2AC88926-CE54-45D5-BF7C-2A042E85E2AA}");
Line Deleted : user_pref("CT3298572.installSp", "TRUE");
Line Deleted : user_pref("CT3298572.originalHomepage", "about:home");
Line Deleted : user_pref("CT3298572.searchRevert", "true");
Line Deleted : user_pref("CT3298572.searchUserMode", "2");
Line Deleted : user_pref("CT3298572.smartbar.homepage", "true");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298572&octid=CT3298572&SearchSource=61&CUI=UN68952064397592449&UM=2&UP=SP1C4FDA51-81F6-4C0D-AC2E-8687A1B67952");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298572&CUI=UN68952064397592449&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298572&octid=CT3298572&SearchSource[...]
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298572");
*************************
AdwCleaner[R0].txt - [6862 octets] - [05/11/2013 17:23:46]
AdwCleaner[S0].txt - [6935 octets] - [05/11/2013 17:25:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6995 octets] ##########
OTL logfile created on: 11/5/2013 5:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Legend\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.75% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 431.99 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 145.76 Gb Free Space | 97.83% Space Free | Partition Type: NTFS
Computer Name: LEGEND-PC | User Name: Legend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/05 17:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Legend\Downloads\OTL.exe
PRC - [2013/10/29 14:40:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/08 13:49:22 | 000,990,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 07:14:40 | 004,536,672 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/10/01 07:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 07:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Legend\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
PRC - [2013/06/26 15:19:34 | 001,006,112 | ---- | M] () -- C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 04:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 04:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 14:41:32 | 000,364,704 | ---- | M] (GoldenFrog) -- C:\Program Files\VyprVPN\VyprVPN.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/29 14:40:11 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/09 02:33:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/09 02:29:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 02:29:07 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\abef2d6ca33a18d7af379ee35c64154c\System.Deployment.ni.dll
MOD - [2013/10/09 02:28:44 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\65fa27da96ef57affcac61ac16c111e0\System.Security.ni.dll
MOD - [2013/10/09 02:28:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 02:12:11 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 02:02:37 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/09 02:02:15 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 02:02:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/09 02:01:50 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 02:01:41 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/08/24 02:24:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/24 02:24:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/24 02:24:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/24 02:13:19 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013/08/24 02:06:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/24 02:04:00 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/24 02:03:29 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/24 02:03:06 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 02:26:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 02:07:01 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/11/02 14:40:30 | 000,091,648 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\VpnLib.dll
MOD - [2012/11/02 14:40:06 | 000,056,832 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\libvyprweb.dll
MOD - [2012/11/02 14:39:08 | 000,248,832 | ---- | M] () -- C:\Program Files\VyprVPN\Lib\libcurl.dll
MOD - [2012/10/11 20:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 20:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/18 10:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/10/29 14:40:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 18:53:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 13:49:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/26 15:19:34 | 001,006,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/17 02:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - [2013/10/08 13:49:18 | 000,574,560 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/10/08 13:49:18 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2013/06/08 20:18:38 | 000,094,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\klflt.sys -- (klflt)
DRV - [2013/06/06 17:38:20 | 000,145,120 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/05/14 17:34:44 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/30 09:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/08 23:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 23 E3 C6 12 3B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8FE6B230-2735-413D-8824-52CD65BD30B7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298572&CUI=UN19536156362933925&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013/11/03 22:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013/11/03 22:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013/11/03 22:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013/11/03 22:08:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013/11/03 22:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/30 14:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 14:55:44 | 000,000,000 | ---D | M]
[2013/07/14 01:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\Extensions
[2013/11/05 16:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\Firefox\Profiles\drlbpvfw.default\extensions
[2013/11/05 04:27:48 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Legend\AppData\Roaming\mozilla\Firefox\Profiles\drlbpvfw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/10/29 05:49:08 | 000,015,421 | ---- | M] () (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\firefox\profiles\drlbpvfw.default\extensions\firefox-hotfix@mozilla.org.xpi
[2013/10/19 15:48:40 | 000,135,673 | ---- | M] () (No name found) -- C:\Users\Legend\AppData\Roaming\mozilla\firefox\profiles\drlbpvfw.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
[2013/10/29 14:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/29 14:40:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\LEGEND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DRLBPVFW.DEFAULT\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
[2012/01/12 03:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [LightShot] C:\Users\Legend\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\Legend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02FD2760-5B02-4937-9FEB-EB59125814DA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F41ACF0-AB2E-49A8-B653-94C82CF6A84B}: NameServer = 209.99.109.53 209.99.109.54
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/05 17:23:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/05 04:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/05 04:29:15 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\QuickScan
[2013/11/05 04:08:52 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/11/05 04:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/05 03:50:08 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\RK_Quarantine
[2013/11/05 03:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/05 03:10:21 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Malwarebytes
[2013/11/05 03:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/05 03:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/05 03:10:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/05 03:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/05 02:29:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\win update
[2013/11/04 15:23:36 | 000,000,000 | -HSD | C] -- C:\Users\Legend\AppData\Roaming\msgre
[2013/11/04 15:07:31 | 000,000,000 | -HSD | C] -- C:\Users\Legend\AppData\Roaming\msgr
[2013/11/03 22:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2013/11/03 22:08:35 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/11/03 22:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/03 22:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/11/03 22:08:22 | 000,574,560 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/11/03 22:08:22 | 000,094,304 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013/11/02 14:41:30 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\advancedpost
[2013/11/02 14:08:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Explorer
[2013/11/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\vertex
[2013/10/30 15:00:38 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Local\Apple Computer
[2013/10/30 15:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/30 14:59:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/10/30 14:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/30 14:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/30 14:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/30 14:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/10/30 14:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/10/30 14:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/10/30 14:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/10/29 14:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/20 18:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 8
[2013/10/20 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Acunetix
[2013/10/20 18:01:25 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\Acunetix 8 version 2013_06_26 [mindcrasher]
[2013/10/19 01:38:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\awardsystem
[2013/10/16 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CUSTOM-MODS
[2013/10/16 19:20:35 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/16 19:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/16 19:20:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Notepad++
[2013/10/16 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/10/16 19:11:18 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEWVB
[2013/10/16 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2013/10/16 12:19:54 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CRACKINGFORCE STUFF
[2013/10/16 12:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
[2013/10/16 12:03:11 | 000,000,000 | ---D | C] -- C:\xampp
[2013/10/16 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\includes
[2013/10/16 04:35:18 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\admincp
[2013/10/14 19:05:31 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEW-MoD-CP-COmEs-WiTh-CrAcK3r-PrInCe966369974114
[2013/10/14 19:05:30 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\NEW-ADMIN-CP-COmEs-WiTh-CrAcK3r-PrInCe966369974114
[2013/10/14 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\vb
[2013/10/14 18:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Globalscape
[2013/10/14 18:17:26 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Local\Globalscape
[2013/10/14 18:16:40 | 000,000,000 | ---D | C] -- C:\Users\Legend\AppData\Roaming\Globalscape
[2013/10/14 18:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
[2013/10/14 18:16:33 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/10/14 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/10/14 18:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Globalscape
[2013/10/14 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Legend\Desktop\CuteFTP Pro 9.0.5.0007 Final ML - SceneDL (PimpRG)
[2013/10/08 13:49:18 | 000,135,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klim6.sys
[1 C:\Users\Legend\AppData\Roaming\*.tmp files -> C:\Users\Legend\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/05 17:35:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/05 17:35:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/05 17:34:04 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/05 17:34:04 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/05 17:29:03 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013/11/05 17:27:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/05 17:27:29 | 2414,469,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/05 17:26:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,888 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:26:29 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2013/11/05 17:02:04 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3948627023-1765461353-29695978-1000.job
[2013/11/05 16:53:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/05 16:50:53 | 004,958,588 | ---- | M] () -- C:\Windows\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2013/11/05 04:18:16 | 000,224,386 | ---- | M] () -- C:\Users\Legend\Desktop\MGlogs.zip
[2013/11/05 04:18:16 | 000,224,386 | ---- | M] () -- C:\MGlogs.zip
[2013/11/05 03:10:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 22:09:44 | 000,002,276 | ---- | M] () -- C:\Users\Legend\Desktop\Safe Money.lnk
[2013/11/03 22:08:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/11/02 14:53:33 | 000,000,255 | -HS- | M] () -- C:\boot.ini
[2013/11/02 14:25:27 | 000,183,787 | ---- | M] () -- C:\Users\Legend\Desktop\[DBTech] Advanced Post Thanks - Like v3.1.7 [Lite].zip
[2013/11/01 17:58:20 | 000,002,188 | -H-- | M] () -- C:\Users\Legend\Documents\Default.rdp
[2013/10/30 15:00:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/20 18:13:28 | 000,000,716 | ---- | M] () -- C:\Windows\WVS_InstDBLogFile.csv
[2013/10/18 06:28:00 | 000,041,068 | ---- | M] () -- C:\Users\Legend\Desktop\register.php
[2013/10/16 20:20:34 | 000,018,708 | ---- | M] () -- C:\Users\Legend\Desktop\point.rar
[2013/10/16 20:19:38 | 000,010,064 | ---- | M] () -- C:\Users\Legend\Desktop\2 mods.rar
[2013/10/16 19:51:28 | 000,151,049 | ---- | M] () -- C:\Users\Legend\Desktop\class_core.php
[2013/10/16 19:38:38 | 000,010,249 | ---- | M] () -- C:\Users\Legend\Desktop\config.php
[2013/10/16 19:20:35 | 000,001,025 | ---- | M] () -- C:\Users\Legend\Desktop\Notepad++.lnk
[2013/10/16 18:37:41 | 000,008,044 | ---- | M] () -- C:\Users\Legend\Desktop\socialgroupmessage.php
[2013/10/16 18:37:39 | 000,010,694 | ---- | M] () -- C:\Users\Legend\Desktop\socialgroupdiscussion.php
[2013/10/16 18:28:20 | 000,041,575 | ---- | M] () -- C:\Users\Legend\Desktop\files.rar
[2013/10/16 01:40:00 | 100,190,414 | ---- | M] () -- C:\Users\Legend\Desktop\public_html.zip
[2013/10/14 17:28:20 | 011,608,074 | ---- | M] () -- C:\Users\Legend\Desktop\vbulletinsuite_4-2-2_VBCE3A3A83.zip
[2013/10/14 14:27:32 | 000,001,485 | ---- | M] () -- C:\Users\Legend\Desktop\install.php
[2013/10/09 04:34:31 | 000,000,443 | ---- | M] () -- C:\Users\Legend\AppData\Local\UserProducts.xml
[2013/10/09 02:27:55 | 000,269,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/08 13:49:18 | 000,574,560 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/10/08 13:49:18 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klmouflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klkbdflt.sys
[2013/10/08 13:49:18 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klim6.sys
[1 C:\Users\Legend\AppData\Roaming\*.tmp files -> C:\Users\Legend\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/05 04:18:16 | 000,224,386 | ---- | C] () -- C:\Users\Legend\Desktop\MGlogs.zip
[2013/11/05 04:09:00 | 000,224,386 | ---- | C] () -- C:\MGlogs.zip
[2013/11/05 03:10:11 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/04 15:37:23 | 000,041,068 | ---- | C] () -- C:\Users\Legend\Desktop\register.php
[2013/11/03 22:09:44 | 000,002,276 | ---- | C] () -- C:\Users\Legend\Desktop\Safe Money.lnk
[2013/11/03 22:09:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/11/02 14:40:31 | 000,183,787 | ---- | C] () -- C:\Users\Legend\Desktop\[DBTech] Advanced Post Thanks - Like v3.1.7 [Lite].zip
[2013/10/30 15:00:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/16 20:25:54 | 000,018,708 | ---- | C] () -- C:\Users\Legend\Desktop\point.rar
[2013/10/16 20:25:46 | 000,010,064 | ---- | C] () -- C:\Users\Legend\Desktop\2 mods.rar
[2013/10/16 19:20:35 | 000,001,025 | ---- | C] () -- C:\Users\Legend\Desktop\Notepad++.lnk
[2013/10/16 18:54:03 | 000,001,485 | ---- | C] () -- C:\Users\Legend\Desktop\install.php
[2013/10/16 18:28:20 | 000,041,575 | ---- | C] () -- C:\Users\Legend\Desktop\files.rar
[2013/10/16 18:25:52 | 000,010,694 | ---- | C] () -- C:\Users\Legend\Desktop\socialgroupdiscussion.php
[2013/10/16 18:25:52 | 000,008,044 | ---- | C] () -- C:\Users\Legend\Desktop\socialgroupmessage.php
[2013/10/16 18:24:33 | 000,151,049 | ---- | C] () -- C:\Users\Legend\Desktop\class_core.php
[2013/10/16 11:39:49 | 100,190,414 | ---- | C] () -- C:\Users\Legend\Desktop\public_html.zip
[2013/10/14 21:10:54 | 000,010,249 | ---- | C] () -- C:\Users\Legend\Desktop\config.php
[2013/10/14 18:20:08 | 011,608,074 | ---- | C] () -- C:\Users\Legend\Desktop\vbulletinsuite_4-2-2_VBCE3A3A83.zip
[2013/04/20 14:16:24 | 000,000,103 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/04/16 21:58:13 | 000,000,443 | ---- | C] () -- C:\Users\Legend\AppData\Local\UserProducts.xml
========== ZeroAccess Check ==========
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/05 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Explorer
[2013/11/05 03:44:23 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\FileZilla
[2013/10/14 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Globalscape
[2013/04/20 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Mavituna Security Ltd
[2013/11/04 15:07:31 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgr
[2013/11/04 15:23:36 | 000,000,000 | -HSD | M] -- C:\Users\Legend\AppData\Roaming\msgre
[2013/10/16 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\Notepad++
[2013/11/05 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\QuickScan
[2013/11/04 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\vertex
[2013/11/05 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Legend\AppData\Roaming\win update
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 11/5/2013 5:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Legend\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.75% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 431.99 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 145.76 Gb Free Space | 97.83% Space Free | Partition Type: NTFS
Computer Name: LEGEND-PC | User Name: Legend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E3A943A-60B4-41A6-9B55-97C29ED9B632}" = lport=26702 | protocol=17 | dir=in | name=bitcomet 26702 udp |
"{88361D74-1988-4034-8903-B7BA44008D29}" = lport=26702 | protocol=6 | dir=in | name=bitcomet 26702 tcp |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19938158-ED7D-4694-B853-087605545A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1F4C3B74-6959-4EED-ACFF-04CC6538BB0B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5B306152-8D4D-428E-BD3F-BCFCCED2BCB2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{6B37AD4E-6B35-4E5A-A24F-9A3FB090EAD5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{A1BBB2F1-DFB4-43E9-9A3E-B2CE3E564E4A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FE8AC7E6-B3D3-4A5A-90BC-8E88302C5A5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"TCP Query User{1847D9A7-1567-4C4D-B296-89992038D04D}C:\program files\globalscape\cuteftp\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\ftpte.exe |
"TCP Query User{567B12A3-8E35-46B2-95A0-0C6042E0F13F}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{A27365DD-0DB0-49CE-87B9-A24937FB5E1A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{68BA2DA5-B8DD-45F8-9194-BCE671B78756}C:\program files\globalscape\cuteftp\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\ftpte.exe |
"UDP Query User{8765D853-631B-44A4-9E04-613CA5B7C94F}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{95E99BA7-5181-4F8C-B85B-4132842C1C84}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89B9E358-75C6-4C6B-BD38-803FF156CC4B}" = CuteFTP 9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1" = Acunetix Web Vulnerability Scanner 8.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.7.3
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netsparker" = Netsparker - Web Application Security Scanner (2.3.0.0)
"Notepad++" = Notepad++
"TeamViewer 8" = TeamViewer 8
"VyprVPN 1.4.1.601" = VyprVPN
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/4/2013 6:32:41 AM | Computer Name = Legend-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Sentry_MBA.exe, version: 1.4.1.9619, time
stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb10c6 Exception code: 0x0eedfade Fault offset: 0x0000812f Faulting
process id: 0x14c0 Faulting application start time: 0x01ced7aabc276e2b Faulting application
path: C:\Tools\SentryMBA1.4.1\Sentry_MBA.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 6e53a90b-453c-11e3-927a-001111898a6b
Error - 11/4/2013 3:45:59 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/5/2013 1:32:20 AM | Computer Name = Legend-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 11/5/2013 3:30:43 AM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/5/2013 3:59:48 AM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =
Error - 11/5/2013 4:23:43 AM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/5/2013 4:39:25 AM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =
Error - 11/5/2013 5:54:09 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/5/2013 5:59:04 PM | Computer Name = Legend-PC | Source = VSS | ID = 8194
Description =
Error - 11/5/2013 6:29:16 PM | Computer Name = Legend-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 7/14/2013 2:06:47 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7030
Description = The SProtection service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 7/14/2013 2:07:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.
Error - 7/14/2013 2:09:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Installer service,
but this action failed with the following error: %%1056
Error - 8/23/2013 8:06:58 PM | Computer Name = Legend-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:56:55 PM on ?7/?18/?2013 was unexpected.
Error - 11/4/2013 6:31:14 AM | Computer Name = Legend-PC | Source = WMPNetworkSvc | ID = 866328
Description =
Error - 11/4/2013 6:32:56 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 11/4/2013 6:33:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7023
Description = The Application Experience service terminated with the following error:
%%193
Error - 11/4/2013 6:33:26 AM | Computer Name = Legend-PC | Source = Service Control Manager | ID = 7023
Description = The Application Experience service terminated with the following error:
%%193
Error - 11/4/2013 3:40:31 PM | Computer Name = Legend-PC | Source = AeLookupSvc | ID = 1
Description = The Application Experience Lookup service failed to initialize.
Error - 11/5/2013 4:20:29 AM | Computer Name = Legend-PC | Source = DCOM | ID = 10010
Description =
< End of report >